Add allow_signing_user_agent_header setting option. for verification …

…signed request
smithy-lang · May 10, 2022 · e926d6d · e926d6d
1 parent a0539e2
commit e926d6d
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/aws/rust-runtime/aws-sigv4/src/http_request/canonical_request.rs b/aws/rust-runtime/aws-sigv4/src/http_request/canonical_request.rs
@@ -220,8 +220,11 @@ impl<'a> CanonicalRequest<'a> {
         for (name, _) in &canonical_headers {
             // The user agent header should not be signed because it may be altered by proxies
             if name == USER_AGENT {
-                continue;
+                if !params.settings.allow_signing_user_agent_header {
+                    continue;
+                }
             }
+
             if params.settings.signature_location == SignatureLocation::QueryParams {
                 // The X-Amz-User-Agent header should not be signed if this is for a presigned URL
                 if name == HeaderName::from_static(header::X_AMZ_USER_AGENT) {

diff --git a/aws/rust-runtime/aws-sigv4/src/http_request/settings.rs b/aws/rust-runtime/aws-sigv4/src/http_request/settings.rs
@@ -25,6 +25,9 @@ pub struct SigningSettings {
 
     /// For presigned requests, how long the presigned request is valid for
     pub expires_in: Option<Duration>,
+
+    /// For signed requests, which already signed the user-agent header
+    pub allow_signing_user_agent_header: bool,
 }
 
 /// HTTP payload checksum type
@@ -64,6 +67,7 @@ impl Default for SigningSettings {
             payload_checksum_kind: PayloadChecksumKind::NoHeader,
             signature_location: SignatureLocation::Headers,
             expires_in: None,
+            allow_signing_user_agent_header: false,
         }
     }
 }